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IN THE CLAIMS 

Please amend Claims 1, 3-11, 13-14 and 16-17 as indicated. 

Please cancel Claim 15 without prejudice and without disclaimer of subject matter. 

1 . (Currently amended) A computer program product for determining if any of a 
plurality of groups may have an improper actual level of privilege that a group has been 
improperly assigned a privilege level higher than user level privilege , the group including a 
plurality of members, said computer program product comprising: 

a computer readable medium; 

first program instructions to compare each members within each of said the groups to a 
first lis t, the first list including names of trusted individuals; 

second program instructions to determine if any whether the group s with an actual 
privilege level higher than user level privilege have a includes at least one member not on the 
first list of trusted individuals , and if so, generate a report identifying said at least one member 
not on the first list of trusted individuals and the group in which said at least one member is a 
member; and 

third program instructions to determine if any group with an actual privilege level higher 
than user level privilege whether the group has a group name on a second list e f, the second list 
including group names generally used for a group with user level privilege, and if so, generate a 

report indicating that said the group with the higher actual privilege level has a group name 
generally used for a group ¥»4th having user level privilege, such that the members of said the 
groups with the higher actual privilege having a group name generally used for a group with use] 
level privilege group are revealed as trusted or potentially not trusted; an d wherein 
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said first, second and third program instructions are recorded on said medium. 

2. (Original) A computer program product as set forth in claim 1 wherein there are a 
plurality of applications or application instances, and a same group can be assigned different 
privilege levels for involvement with different applications or application instances; and said 
third program instructions makes its determination separately for each application or application 
instance. 

3. (Currently amended) A computer program product as set forth in claim l^further 
comprising: 

fourth program instructions to determine if any groups with an actual privilege level 
higher than user level privilege have whether the group has a group name not included on a third 
lis t, the third list including ef group names generally used for a group with the higher level 
having a privilege level higher than user level privilege , and if so, generate a report indicating 
that said the group with the higher actual privilege level has a group name not on a the third list 
of group names generally used for a group with the higher level privilege , such that ^ members 
of said groups with the higher actual privilege having a group name not generally used for a 
group with the higher level privilege the group are revealed as trusted or potentially not trusted; 

wherein said fourth program instructions are recorded on said medium. 
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4. (Currently amended) A computer program product as set forth in claim 1^ 
wherein said second program instructions determine if any whether the group with an actual 
privilege level higher than user level privilege have all of its includes at least one members not 
on the first list of trusted individuals , and if se not, generate a report indicating that smd the 
group with the higher actual privilege level has all its members on the first list of trusted 
individuals . 

5. (Currently amended) A computer program product as set forth in claim 1^ further 
comprising fourth program instructions , responsive to determining that the group has a group 
name on the second list, to determine if all the whether each members of said groups with the 
higher actual privilege having a group name generally used for a group with user level privilege 
are the group is on the first list of trusted individuals ; and wherein 

said fourth program instructions are recorded on said medium. 

6. (Currently amended) A computer system for determining if any of a plurality of 
groups may have an improper actual level of privilege that a group has been improperly assigned 
a privilege level higher than user level privilege , the group including a plurality of members, said 
computer system comprising: 

means for comparing members within each of said the groups to a first lis t, the first list 
including names of trusted individuals; 

means for determining if any whether the group s with an actual privilege level higher 
than user level privilege have a includes at least one member not on the first list of trusted 
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individuals , and if so, generate generating a report identifying smd the at least one member net 
on the list of trusted individuals and the group in which smd the at least one member is a member 
included : and 

means for determining if any whether the group with an actual privilege level higher than 
user level privilege has a group name on a second lis t, the second list including ef group names 
generally used for a group with user level privilege, and if so, generate generating a report 
indicating that said Ae group with the higher actual privilege level has a group name generally 
used for a group with user level privilege, such that the members of smd the group s with the 
higher actual privilege having a group name generally used for a group with user level privilege 
are revealed as trusted or potentially not trusted. 

7. (Currently amended) A computer system as set forth in claim 6 wherein there are 
a plurality of applications or application instances, and a same group can be assigned different 
privilege levels for involvement with different applications or application instances; and said 
means for determining if any whether the group with an actual privilege level higher than user 
level privilege has a group name generally used for a group with user level privilege makes its 
determination separately for each application or appUcation instance. 

8. (Currently amended) A computer system as set forth in claim 6^ further 
comprising: 

means for determining if any whether the group s with an actual privilege level higher 
than user level privilege have has a group name not on a third hs t, the third list including e f 
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group names generally used for a group with the having a privilege level h igher level than user 
level privilege, and if so, generate generating a report indicating that said the group with the 
higher actual privilege level has a group name not generally used for a group with the higher 
level privilege, such that the members of smd tiie group s with the higher actual privilege having 




trusted or potentially not trusted. 

9. (Currently amended) A computer system as set forth in claim 6^ wherein said 
means for determining if any whether the group s with an actual privilege level higher than user 
level privilege have a includes at least one member not on the first list of trusted individuals 
determines if any that the group with an actual privilege level higher than user level privilege 
have has all of its members on the list of trusted individuals, and if so, said means generates a 
report indicating that smd tiie group with the higher actual privilege level has all its members on 

10. (Currently amended) A computer system as set forth in claim 6^ wherein 
responsive to determining that the group has a group name generally used for a group with user 
level privilege, further comprising comprises means for determining if-dl whether the members 
of smd the group s with the higher actual privilege having a group name generally used for a 
group with user level privilege are on the first Ust of trusted individuals . 




group 



generally used for a group with the higher level privilege are revealed as 
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1 1 . (Currently amended) A computer program product for determining if any of a 
plurality of groups may have an improper actual level of privilege that a group has been 
improperly assigned a privilege level higher than user level privilege , the group including a 
plurality of members, said computer program product comprising: 

a computer readable medium; 

first program instmctions_to compare each members within each of said the g roups to a 
first list , the first list including names of trusted individuals; 

second program instructions to determine if any whether the g roup s with an actual 
privilege level higher than user level privilege have a includes at least one member not on the 
first list of trusted individuals , and if so, generate a report identifying said at least one member 
not on the first hst of trusted individuals and the group in which said at least one member is a 
member; and 

third program instructions to determine if any groups with an actual privilege level higher 
than user level privilege have whether the group has a group name not on a second list e f, the 

second list including group names generally used for a group with the higher level having a 
privilege level higher than user level privilege , and if so, generate a report indicating that said the 
group with the higher actual privilege level has a group name not generally used for a group wife 
the higher level having a p rivilege level higher than user level privilege , such that the members 
of smd the_group s with the higher actual privilege having a group name not generally used for a 
group with the higher level privilege are revealed as trusted or potentially not trusted; aad 

said first, second and third program instructions are recorded on said medium. 
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12. (Original) A computer program product as set forth in claim 11 wherein there are 
a plurality of applications or application instances, and a same group can be assigned different 
privilege levels for involvement with different applications or application instances; and said 
third program instructions makes its determination separately for each application or application 
instance. 

13. (Currently amended) A computer program product as set forth in claim 1 1 
wherein said second program instructions determine if any whether the group with an actual 
privilege level higher than user level privilege have all of its has at least one members not on the 
first list of trusted individuals , and if m not, generate a report indicating that said the group wife 
the higher privilege level has all its members on the first list of trusted individuals . 

14. (Currently amended) A computer program product as set forth in claim 1 1 further 
comprising fourth program instructions , responsive to determining that the group has a group 
name on the second list, to determine if all the whether each members of s^ the g roup with the 
higher actual privilege having a group name not generally used for a group with higher level 
privilege are is_on the first list of trusted individuals ; and wherein 

said fourth program instructions are recorded on said medium. 

15. (Cancelled) 
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16. (Currently amended) A computer program product for managing privileges of 
groups, said computer program product comprising: 

a computer readable medium; 

first program instructions to determine if any that a group with an actual privilege level 
higher than user level privilege has a group name on a list of group names generally used for a 
group with user level privilege or no privilege ; and 

second program instructions, responsive to a determination of a group with an actual 
privilege level higher than user level privilege with a group name generally used for a group with 
a privilege level no higher than user level privilege or no privilege , to compare members of sueh 
said group to a list of trusted individuals, and if any member(s) of sue h said group does not 
appear on said list of trusted individuals, remove said member^ from suefe said g roup that do 
not appear on the said list of trusted individuals ; and wherein 

said first and second program instructions are recorded on said medium. 

17. (Currently amended) A computer program product for managing privileges of 
groups, said computer program product comprising: 

a computer readable medium; 

first program instructions to determine if any that a group with an actual privilege level 
higher than user level privilege has a group name not on a list of group names generally used for 
a group with privilege level higher than user level privilege; and 

second program instructions, responsive to a determination of a group with an actual 
privilege level higher than user level privilege with a group name not generally used for a group 
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with privilege level higher than user level privilege, to compare members of s«eh said group to a 
list of trusted individuals, and if any member(s) of suefe said group does not appear on said list of 
trusted individuals, lower the actual privilege level of said group; and wherein 
said first and second program instructions are recorded on said medium. 
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